WO2021068777A8 - Methods and systems for internet key exchange re-authentication optimization
- Publication number
- WO2021068777A8 (PCT/CN2020/118193)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- spi
- network device
- notification
- systems
- methods
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/164—Implementing security features at a particular protocol layer at the network layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/28—Timers or timing mechanisms used in protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Methods and systems for Internet Key Exchange (IKE) re-authentication optimization are disclosed. The disclosure teaches that a first network device (1201) (initiator) and a second network device (1202) (responder) send a notification, namely an SA_TS_UNCHANGED notification, which contains the new Security Parameters Index (SPI) for the new SA, since the SA and TS payloads are no longer sent. It also teaches that the first network device (1201) (initiator) alone sends an OLD_SPI notification to map the SPI of IPSec (AH/ESP) to the old IPSec SA. It further teaches combining the INIT and AUTH exchanges and encrypting them before sending the combination in the existing IKE tunnel, to avoid being vulnerable to attacks during re-authentication and to reduce the total number of messages that must be transmitted to perform re-authentication.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202080060976.1A CN114788225A (en) | 2019-10-10 | 2020-09-27 | Method and system for performing internet key exchange re-authentication optimization |
EP20874417.7A EP4026299A4 (en) | 2019-10-10 | 2020-09-27 | Methods and systems for internet key exchange re-authentication optimization |
US17/716,470 US20220263811A1 (en) | 2019-10-10 | 2022-04-08 | Methods and Systems for Internet Key Exchange Re-Authentication Optimization |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IN201931040879 | 2019-10-10 | ||
Related Child Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US17/716,470 Continuation US20220263811A1 (en) | 2019-10-10 | 2022-04-08 | Methods and Systems for Internet Key Exchange Re-Authentication Optimization |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2021068777A1 (en) | 2021-04-15 |
WO2021068777A8 (en) | 2021-06-10 |
Family
ID=75437689
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2020/118193 WO2021068777A1 (en) | 2019-10-10 | 2020-09-27 | Methods and systems for internet key exchange re-authentication optimization |
Country Status (4)
Country | Link |
---|---|
US (1) | US20220263811A1 (en) |
EP (1) | EP4026299A4 (en) |
CN (1) | CN114788225A (en) |
WO (1) | WO2021068777A1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2023206374A1 (en) * | 2022-04-29 | 2023-11-02 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and apparatus for providing internet protocol security communication |
US11916890B1 (en) | 2022-08-08 | 2024-02-27 | International Business Machines Corporation | Distribution of a cryptographic service provided private session key to network communication device for secured communications |
US11924179B2 (en) | 2022-08-08 | 2024-03-05 | International Business Machines Corporation | API based distribution of private session key to network communication device for secured communications |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106302376A (en) * | 2015-06-29 | 2017-01-04 | 中兴通讯股份有限公司 | Re-authentication recognition methods, evolution packet data gateway and system |
US10250578B2 (en) * | 2015-11-03 | 2019-04-02 | Qualcomm Incorporated | Internet key exchange (IKE) for secure association between devices |
CN106254376B (en) * | 2016-09-05 | 2019-10-11 | 新华三技术有限公司 | A kind of authentication and negotiation method and device |
US10609008B2 (en) * | 2017-06-08 | 2020-03-31 | Nxp Usa, Inc. | Securing an electronically transmitted communication |
-
2020
- 2020-09-27 EP EP20874417.7A patent/EP4026299A4/en active Pending
- 2020-09-27 CN CN202080060976.1A patent/CN114788225A/en active Pending
- 2020-09-27 WO PCT/CN2020/118193 patent/WO2021068777A1/en unknown
-
2022
- 2022-04-08 US US17/716,470 patent/US20220263811A1/en active Pending
Also Published As
Publication number | Publication date |
---|---|
US20220263811A1 (en) | 2022-08-18 |
WO2021068777A1 (en) | 2021-04-15 |
EP4026299A1 (en) | 2022-07-13 |
EP4026299A4 (en) | 2022-10-26 |
CN114788225A (en) | 2022-07-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021068777A8 (en) | Methods and systems for internet key exchange re-authentication optimization | |
US9787643B2 (en) | Transport layer security latency mitigation | |
WO2019209168A3 (en) | Data processing method, related apparatus, and blockchain system | |
IL261137A (en) | System and method for performing secure communications | |
CA3011085A1 (en) | System and method for implementing secure communications for internet of things (iot) devices | |
CN102088465B (en) | Hyper text transport protocol (HTTP) Cookie protection method based on preposed gateway | |
WO2015119679A3 (en) | Method and system for securely establishing cryptographic keys for aircraft-to-aircraft communications | |
SG10201901366WA (en) | Key exchange through partially trusted third party | |
EP4149157A3 (en) | Method and apparatus for wireless communication in wireless communication system | |
CN104158653A (en) | Method of secure communication based on commercial cipher algorithm | |
WO2008030523A3 (en) | Real privacy management authentication system | |
WO2007139794A8 (en) | Encryption method for secure packet transmission | |
WO2008105946A3 (en) | AUTOMATED METHOD FOR SECURELY ESTABLISHING SIMPLE NETWORK MANAGEMENT PROTOCOL VERSION 3 (SNMPv3) AUTHENTICATION AND PRIVACY KEYS | |
GB2528226A (en) | Method performed by at least one server for processing a data packet from a first computing device to a second computing device to permit end-to-end | |
CN103338215A (en) | Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm | |
WO2004051964A3 (en) | Tunneled authentication protocol for preventing man-in-the-middle attacks | |
CN102111411A (en) | Method for switching encryption safety data among peer-to-peer user nodes in P2P network | |
EP4274157A3 (en) | Communicating securely with devices in a distributed control system | |
EP4344266A3 (en) | Updating a subscriber identity module | |
RU2015150542A (en) | AUTHENTICATION METHOD IN HIDDEN DATA TRANSFER CHANNEL | |
CN105245338B (en) | A kind of authentication method and apparatus system | |
CN102780702A (en) | System and method for document security transmission | |
CN105763566A (en) | Communication method between client and server | |
CN106209384B (en) | Use the client terminal of security mechanism and the communication authentication method of charging unit | |
IN2014CN03607A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20874417; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 2020874417; Country of ref document: EP; Effective date: 20220408 |